WhatsApp云控,Line云控,Telegram云控,Viber云控,Zalo云控,TikTok云控
WhatsApp云控|WhatsApp协议号

合作咨询 TG:XH518178
创造有活力的品牌网站 提升用户体验和品牌价值感

如何破解Content Security Policy?

人气 

作者:Ran

2020-10-16 Ran

以WhatsApp网页版为例。

报错:

Refused to load the script ‘https://xxx/xxx.js’ because it violates the following Content Security Policy directive: “script-src ‘self’ data: blob: ‘unsafe-eval’ ‘unsafe-inline’ https://ajax.googleapis.com https://api.search.live.net https://maps.googleapis.com https://www.youtube.com https://s.ytimg.com”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

破解:

chrome.webRequest.onHeadersReceived.addListener(

function (details) {

console.log(‘Disabled CSP’, details)

for (var i = 0; i < details.responseHeaders.length; i++) {

if (details.responseHeaders[i].name.toLowerCase() === ‘content-security-policy’) {

details.responseHeaders[i].value = ”

}

}

return {

responseHeaders: details.responseHeaders

}

},

{

urls: [

‘*://*.whatsapp.com/*’

]

},

[‘blocking’, ‘responseHeaders’]

)